1. Field of the Invention
The present invention relates to telecommunication services and more particularly to a method and system for using a telecommunications channel to provide authentication or authorization for users of a service.
2. Description of Related Art
Cellular wireless is an increasingly popular means of communication, as it offers users the opportunity for secure exchange of voice and data information using a mobile station (“MS”), such as a cellular telephone. In principle, a user equipped with a MS can seek information over the Internet or call anyone over a Public Switched Telephone Network (“PSTN”) from anywhere within the coverage area of the cellular wireless network. Security of communications using a cellular wireless network is maintained through, among other things, the use of spread-spectrum transmission techniques such as code-division multiple access (CDMA). Moreover, individual mobile stations include an electronic serial number (“ESN”) hard-coded into the circuitry of each MS to make it extraordinarily difficult to fraudulently mimic the identity of a MS.
One popular service offered for users of cellular wireless communications, and particularly users of a personal communications service (“PCS”), is the short message service (“SMS”). The SMS is a service implemented over a cellular wireless network for sending short text messages over the network between stations called short message entities through a message center (“MC”). A short message entity is often, but not necessarily, incorporated in a cellular phone or other MS. Short message entities may be implemented, for example, over an Internet protocol (“IP”) network or other network. In general, the SMS service may allow a person to type in a desired text message, indicate the directory number associated with a destination mobile station, and then transmit an SMS message encapsulating the desired text message. The telecommunications network then conveys the text message to the destination mobile station, where the message is typically displayed for receipt by an end user. SMS messaging is described in, for example, Gallagher & Snyder, “Mobile Telecommunications Networking with IS-41” (1997), 285–310 and may be compliant with an industry standard such as the Telecommunications Industry Association (TIA)/Electronics Industry Association (EIA) Interim Standard IS-637A (“Short Message Service for Spread Spectrum Systems”). Other messaging services are Session Initiation Protocol (SIP) instant messaging and wireless application protocol (WAP) push. SIP is described in, for example, IETF RFC-3261 (June 2002), and WAP push is described in, for example, “WAP Push Architectural Overview,” WAP-250-PushArchOverview-20010703-a, ver. 03 (July 2001).
With the increasing use of automated communication services of all kinds, whether wired or wireless, sensitive transactions are increasingly carried out over these communication services. For example, consumers and business often perform banking transactions over the Internet or at an automated teller machine (ATM), which itself is a communications terminal tied with the bank's central computing system. Purchases are often made with credit cards over e-commerce Web sites. Employees use the Internet to log in to their company's Web site to access confidential information related to their work. In all of these situations, it is desirable to authenticate the user by verifying the identity of a user before providing the user with access to the service. To verify the user's identity, the user must often provide a username and password over the same communication channel he or she will use to access the service. In the case of an ATM, the combination of an ATM card and personal identification number (“PIN”) is used to verify the identity of a user. In these systems, any fraudulent user who learns a username and password can access restricted services over the Web, and a thief who takes an ATM card and learns the PIN of the owner can make banking transactions using the card, including withdrawing cash from the owner's account.